Probleme d'explorer.exe Sous vista

ti² -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Alors voilà, depuis quelque temps mon explorateur vista plante, je ne m'étais soucié de rien pensant que ça venait de vista , cependant, là mon antivirus Nod 32 s'alarme souvent en detectant un virus provenant de fichiers Dll à chaque fois different et une erreur de temps à autre s'affiche :

Run Dll
C:\users\****\Appdata\Local\Temp\****.dll
entrée manquante : run

Donc je ne comprend pas ce virus surtout que jai lancé C cleaner, Avg anti-spyware free version, Windows Defender et enfin une analyse aprofondie sous Nod 32 , aucun problème détecté mais l'erreur reste toujours la même : l'explorer plante très souvent et jai même l'impression que c'est de pire en pire.
A noter que avant d'installer Nod 32 et Avg anti spyware je possedais Avast et spybot mais on dirait que depuis que j'ai changé , mon ordi a été infecté.
Merci de répondre à mon problème qui est disons le fort énervant ^^
Configuration: Windows Vista
Firefox 2.0.0.11

16 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."

    ___________________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    secuser en ligne :
    http://www.secuser.com/outils/antivirus.htm

    scan en ligne firefox

    https://www.trendmicro.com/fr_fr/business.html
    0
  2. ti²
     
    Désolé mais Mozilla Firefox et internet explorer n'ont pu me donner un rapport d'analyse d'antivirus car ils plantaient à chaque fois :/
    Cependant je me souviens bien que j'avais déjà effectué un test avec bitdefender mais il ne m'avait rien trouvé :/
    sinon voici ce que Hijackthis me dit :

    "Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:20:17, on 05/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\System32\ico.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    C:\Windows\System32\Pmxmiced.exe
    C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Program Files\Windows Mail\WindowsMailGadget.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Eset\nod32.exe
    C:\Windows\Explorer.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {028AABDD-FA66-405B-9C2A-B12DB97445D7} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1618E7E6-D452-473A-9FC4-4B9B793128B0} - (no file)
    O2 - BHO: (no name) - {1B8188BA-A385-4412-81FA-F6CB05CEEA55} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: (no name) - {4BB1745E-208D-48A0-9F3F-FF2ECB45D750} - (no file)
    O2 - BHO: (no name) - {50F87EEA-B7D5-42F4-A1EC-3146A2FD954B} - (no file)
    O2 - BHO: (no name) - {5B61A034-F94C-4B45-9CD1-4B546125627A} - (no file)
    O2 - BHO: (no name) - {5C2FA12C-B9B6-4587-8EDE-93CCC63A52DE} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8383A6EC-3F0E-4181-8864-4D3CE8A0EE0C} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {92FA356D-5F53-4E12-ADBC-4713919AFC2A} - (no file)
    O2 - BHO: (no name) - {931DE3CD-6D6A-4AF2-80D8-18F6D283C575} - (no file)
    O2 - BHO: {06db0395-ca81-ea09-af94-cfb249bff789} - {987ffb94-2bfc-49fa-90ae-18ac5930bd60} - C:\Windows\system32\lpktwjlf.dll
    O2 - BHO: (no name) - {9A3E49D3-A791-475C-B71E-4C9C26AF5178} - (no file)
    O2 - BHO: (no name) - {9B5ACAF7-53CF-42AB-8BEA-2716E678BD85} - (no file)
    O2 - BHO: (no name) - {A2E694D5-FFDC-480A-8D57-03D6C61296DF} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {ACDD711E-F3A0-49FE-AD6A-76AEE17908EA} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B632E37B-9D3A-406F-BC57-D19DB58ED01C} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: (no name) - {E86B8737-CB3B-4E8C-917A-7E9DE37C522F} - C:\Windows\system32\tuvwv.dll
    O2 - BHO: (no name) - {EAEFAA72-13D9-4637-97D7-C1C67A09C7FA} - (no file)
    O2 - BHO: (no name) - {EDF43B2D-816F-4E2C-BEBF-1973632D2B6E} - (no file)
    O2 - BHO: (no name) - {F3D8A3A0-8743-4A6D-BA4A-FDAF9267921F} - (no file)
    O2 - BHO: (no name) - {F4EF22A4-2316-4776-A8FE-AEE94BA7A8BD} - (no file)
    O2 - BHO: (no name) - {F608DA3C-508F-4B64-94C4-AEAF549D5B25} - (no file)
    O2 - BHO: (no name) - {FCA02533-430B-4792-AF11-E9D010919E99} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
    O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqpq.dll,#1
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [728be7bc] rundll32.exe "C:\Windows\system32\xywmtcah.dll",b
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Freulon\AppData\Local\Temp\nnlll.dll,#1
    O4 - HKCU\..\Run: [728be7bc] rundll32.exe "C:\Users\Freulon\AppData\Local\Temp\wwunrxff.dll",b
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Freulon\AppData\Local\Temp\chsclupr.dll",run
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-2836830652-3049038524-373805858-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    relance hiajckthis, fais do a system scan only puis selectionne et vire ces lignes (fix cheked)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1071219
    O2 - BHO: (no name) - {028AABDD-FA66-405B-9C2A-B12DB97445D7} - (no file)
    O2 - BHO: (no name) - {1618E7E6-D452-473A-9FC4-4B9B793128B0} - (no file)
    O2 - BHO: (no name) - {1B8188BA-A385-4412-81FA-F6CB05CEEA55} - (no file)
    O2 - BHO: (no name) - {4BB1745E-208D-48A0-9F3F-FF2ECB45D750} - (no file)
    O2 - BHO: (no name) - {50F87EEA-B7D5-42F4-A1EC-3146A2FD954B} - (no file)
    O2 - BHO: (no name) - {5B61A034-F94C-4B45-9CD1-4B546125627A} - (no file)
    O2 - BHO: (no name) - {5C2FA12C-B9B6-4587-8EDE-93CCC63A52DE} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8383A6EC-3F0E-4181-8864-4D3CE8A0EE0C} - (no file)
    O2 - BHO: (no name) - {92FA356D-5F53-4E12-ADBC-4713919AFC2A} - (no file)
    O2 - BHO: (no name) - {931DE3CD-6D6A-4AF2-80D8-18F6D283C575} - (no file)
    O2 - BHO: {06db0395-ca81-ea09-af94-cfb249bff789} - {987ffb94-2bfc-49fa-90ae-18ac5930bd60} - C:\Windows\system32\lpktwjlf.dll
    O2 - BHO: (no name) - {9A3E49D3-A791-475C-B71E-4C9C26AF5178} - (no file)
    O2 - BHO: (no name) - {9B5ACAF7-53CF-42AB-8BEA-2716E678BD85} - (no file)
    O2 - BHO: (no name) - {A2E694D5-FFDC-480A-8D57-03D6C61296DF} - (no file)
    O2 - BHO: (no name) - {ACDD711E-F3A0-49FE-AD6A-76AEE17908EA} - (no file)
    O2 - BHO: (no name) - {B632E37B-9D3A-406F-BC57-D19DB58ED01C} - (no file)
    O2 - BHO: (no name) - {E86B8737-CB3B-4E8C-917A-7E9DE37C522F} - C:\Windows\system32\tuvwv.dll
    O2 - BHO: (no name) - {EAEFAA72-13D9-4637-97D7-C1C67A09C7FA} - (no file)
    O2 - BHO: (no name) - {EDF43B2D-816F-4E2C-BEBF-1973632D2B6E} - (no file)
    O2 - BHO: (no name) - {F3D8A3A0-8743-4A6D-BA4A-FDAF9267921F} - (no file)
    O2 - BHO: (no name) - {F4EF22A4-2316-4776-A8FE-AEE94BA7A8BD} - (no file)
    O2 - BHO: (no name) - {F608DA3C-508F-4B64-94C4-AEAF549D5B25} - (no file)
    O2 - BHO: (no name) - {FCA02533-430B-4792-AF11-E9D010919E99} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

    O4 - HKLM\..\Run: [728be7bc] rundll32.exe "C:\Windows\system32\xywmtcah.dll",b

    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Freulon\AppData\Local\Temp\nnlll.dll,#1
    O4 - HKCU\..\Run: [728be7bc] rundll32.exe "C:\Users\Freulon\AppData\Local\Temp\wwunrxff.dll",b
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Freulon\AppData\Local\Temp\chsclupr.dll",run

    ________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    ________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Windows\system32\tuvwv.dll
    C:\Windows\system32\lpktwjlf.dll
    C:\Windows\system32\xywmtcah.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    C:\Program Files\Helper\1201110269.dll

    __________________
    recolle hiajkchtis et dis tes soucis
    0
  4. ti²
     
    slt,
    Alors j'ai suivi ta procédure mais il y a toujours le même probleme :/
    Je post le dernier rapport éffectué :
    "
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:43:58, on 06/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1071219
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {028AABDD-FA66-405B-9C2A-B12DB97445D7} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1618E7E6-D452-473A-9FC4-4B9B793128B0} - (no file)
    O2 - BHO: (no name) - {1B8188BA-A385-4412-81FA-F6CB05CEEA55} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: (no name) - {4BB1745E-208D-48A0-9F3F-FF2ECB45D750} - (no file)
    O2 - BHO: (no name) - {50F87EEA-B7D5-42F4-A1EC-3146A2FD954B} - (no file)
    O2 - BHO: (no name) - {5B61A034-F94C-4B45-9CD1-4B546125627A} - (no file)
    O2 - BHO: (no name) - {5C2FA12C-B9B6-4587-8EDE-93CCC63A52DE} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8383A6EC-3F0E-4181-8864-4D3CE8A0EE0C} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {92FA356D-5F53-4E12-ADBC-4713919AFC2A} - (no file)
    O2 - BHO: (no name) - {931DE3CD-6D6A-4AF2-80D8-18F6D283C575} - (no file)
    O2 - BHO: {06db0395-ca81-ea09-af94-cfb249bff789} - {987ffb94-2bfc-49fa-90ae-18ac5930bd60} - C:\Windows\system32\lpktwjlf.dll
    O2 - BHO: (no name) - {9A3E49D3-A791-475C-B71E-4C9C26AF5178} - (no file)
    O2 - BHO: (no name) - {9B5ACAF7-53CF-42AB-8BEA-2716E678BD85} - (no file)
    O2 - BHO: (no name) - {A2E694D5-FFDC-480A-8D57-03D6C61296DF} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {ACDD711E-F3A0-49FE-AD6A-76AEE17908EA} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B632E37B-9D3A-406F-BC57-D19DB58ED01C} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: (no name) - {D7942BB4-7B7A-4AED-9E59-BC21C2BBB16C} - C:\Windows\system32\tuvwv.dll
    O2 - BHO: (no name) - {EAEFAA72-13D9-4637-97D7-C1C67A09C7FA} - (no file)
    O2 - BHO: (no name) - {EDF43B2D-816F-4E2C-BEBF-1973632D2B6E} - (no file)
    O2 - BHO: (no name) - {F3D8A3A0-8743-4A6D-BA4A-FDAF9267921F} - (no file)
    O2 - BHO: (no name) - {F4EF22A4-2316-4776-A8FE-AEE94BA7A8BD} - (no file)
    O2 - BHO: (no name) - {F608DA3C-508F-4B64-94C4-AEAF549D5B25} - (no file)
    O2 - BHO: (no name) - {FCA02533-430B-4792-AF11-E9D010919E99} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
    O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqpq.dll,#1
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [728be7bc] rundll32.exe "C:\Windows\system32\xywmtcah.dll",b
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Freulon\AppData\Local\Temp\rqrpn.dll,#1
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\tuvwv.dll,c
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Freulon\AppData\Local\Temp\kswbyknm.dll",run
    O4 - HKCU\..\Run: [728be7bc] rundll32.exe "C:\Windows\system32\xywmtcah.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ti²
     
    Dsl pour le double post mais j'ai pas posté le bon rapport :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:18:08, on 06/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\helppane.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {0247B0D1-BDEB-4111-82F2-9D643290577F} - C:\Windows\system32\tuvwv.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
    O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Freulon\AppData\Local\Temp\opppq.dll,#1
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Freulon\AppData\Local\Temp\biekigou.dll",run
    O4 - HKCU\..\Run: [728be7bc] rundll32.exe "C:\Users\Freulon\AppData\Local\Temp\jjfhbrrr.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fix ces lignes:

    O2 - BHO: (no name) - {0247B0D1-BDEB-4111-82F2-9D643290577F} - C:\Windows\system32\tuvwv.dll
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Freulon\AppData\Local\Temp\opppq.dll,#1

    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Freulon\AppData\Local\Temp\biekigou.dll",run
    O4 - HKCU\..\Run: [728be7bc] rundll32.exe "C:\Users\Freulon\AppData\Local\Temp\jjfhbrrr.dll",b

    ________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    ________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Windows\system32\tuvwv.dll
    C:\Users\Freulon\AppData\Local\Temp\opppq.dll
    C:\Users\Freulon\AppData\Local\Temp\biekigou.dll
    C:\Users\Freulon\AppData\Local\Temp\jjfhbrrr.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    __________________
    recolle hiajkchtis et dis tes soucis
    0
  8. ti²
     
    jai fais les opérations demandés mais ça na pas marche donc jai decidé de réinstaller spybot, ensuite jai lancé une analyse de spybot : il ma trouve deux ou trois spywares mais le probleme n'était toujours pas résolu.
    finalement en relançant une analyse de Nod 32, celui ci ma detecte une vingtaine de virus dont ceux qui faisaient planter l'explorateur! ^^
    Merci quand même pour ton aide!
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    si tu avais collé les rapports on aurait pu voir...

    si ca persiste colle les rapports comme combofix....
    0
  10. aska94 Messages postés 1 Date d'inscription   Statut Membre
     
    Bonjour j'ai le meme probleme : Explorer.exe sous vista bug et se coupe souvent ou "redemarre" tout seul ,

    J'ai fait un scan avec hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:44:45, on 08/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conime.exe
    C:\Users\Jerome\Desktop\hijackthis\HijackThis.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jerome\AppData\Local\Temp\ddayw.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jerome\AppData\Local\Temp\gebcy.dll,c
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Jerome\AppData\Local\Temp\oejppvsu.dll",run
    O4 - HKCU\..\Run: [9cbe018b] rundll32.exe "C:\Users\Jerome\AppData\Local\Temp\rhevmesq.dll",b
    O4 - HKCU\..\Run: [BM9f8d3217] Rundll32.exe "C:\Users\Jerome\AppData\Local\Temp\qensmfab.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm022MXFR
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O13 - Gopher Prefix:
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{976F9A49-0E3F-43DB-9F04-7C12B70D7940}: NameServer = 192.168.1.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    ____________

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    Télécharge maintenant Navilog1 depuis-ce lien :

    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

    Au menu principal, Fais le choix 1
    Laisse toi guider et patiente.
    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche le blocnote va s'ouvrir.
    Copie-colle l'intégralité du rapport dans une réponse.
    Referme le blocnote
    Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%.
    0
  12. lechatpotte Messages postés 37 Statut Membre
     
    Hello hello

    j'ai le même souci...

    voici le rapport Hijack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:31:10, on 13/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\WINDOWS\SMINST\scheduler.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\PDFCreator\PDFCreator.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
    C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Louis-Nicolas.HP\Téléchargements\HiJackThis.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\explorer.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {D39F49BB-7816-4024-BD6D-C4D37A49165B} - C:\Windows\system32\xxywUNFu.dll (file missing)
    O2 - BHO: {a55ac3c7-40b6-e8eb-7de4-08928979007f} - {f7009798-2980-4ed7-be8e-6b047c3ca55a} - C:\Windows\system32\nxugskeg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [1e62d0f1] rundll32.exe "C:\Windows\system32\tlavjmnr.dll",b
    O4 - HKLM\..\Run: [BM1d51e36d] Rundll32.exe "C:\Windows\system32\astqewum.dll",s
    O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5403] command /c del "C:\WINDOWS\System32\xxywUNFu.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2975] cmd /c del "C:\WINDOWS\System32\xxywUNFu.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4783] command /c del "C:\WINDOWS\System32\xxywUNFu.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7663] cmd /c del "C:\WINDOWS\System32\xxywUNFu.dll_old"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix: 
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    
    --
    End of file - 11119 bytes
    
    
    
    --

    De tout j'veux prendre, deux fois et avec de la sauce !
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce qui est dans la sauvegarde de spybot

    _____________

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    ________________

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  14. gypse90 Messages postés 13 Statut Membre
     
    Bonjour !

    J'ai également le même problème... et ni kasperski ni avast ne me détectent de virus ! En revanche, kaspersky bloque régulièrement des liens internet et de nombreux fichiers .dll .

    J'ai fait un Hijackthis et voila le rapport...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:02:56, on 28/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Windows\RtHDVCpl.exe
    C:\Divers\Logiciels\HDTune.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\werfault.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Adobe\Adobe Premiere Pro CS3\PhotoshopServer.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\WerFault.exe
    C:\Windows\explorer.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {0315BD3A-2347-4524-9938-3398CC2B929C} - C:\Windows\system32\fccyyVlk.dll (file missing)
    O2 - BHO: (no name) - {18365C10-B296-46F0-B42C-14BBE4D2294F} - (no file)
    O2 - BHO: (no name) - {54221442-23C2-4FD2-8D95-FBAC37C3A05F} - (no file)
    O2 - BHO: (no name) - {7271BEF8-F44D-4464-945A-2796A6C214BF} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A65A8BA0-B3EB-4173-AF75-6A967B33C81D} - (no file)
    O2 - BHO: (no name) - {F09B033E-83C0-4C08-9F8C-27BD25AED33b} - C:\Windows\system32\vcbvqlmj.dll
    O2 - BHO: {4dd8f5d3-101c-792a-7c64-9a136ef8f13f} - {f31f8fe6-31a9-46c7-a297-c1013d5f8dd4} - C:\Windows\system32\cfgsoh.dll
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HD Tune] C:\Divers\LOGICI~1\HDTune.exe
    O4 - HKLM\..\Run: [XPC Tools] C:\Program Files\Shuttle\XPC Tools\XPCTools.exe RunOnStart
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BMfbbf96df] Rundll32.exe "C:\Windows\system32\htjabwqe.dll",s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Avid SDM Service (AvidSDMService) - Unknown owner - C:\Windows\system32\AvidSDMService.exe (file missing)
    O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\Windows\system32\AvidStartup.exe (file missing)
    O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    un seul antvirus par ordi!!!!!!

    vire un des deux!!

    télécharge ceci

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    L'installation ne donne pas de grande difficulté, elle ne sera pas détaillée.
    Cependant à l'issu de l'installation, il est conseillé de laisser l'option Update Malwarebyte's Anti-Malware cochée afin d'effectuer une mise à jour de la définition virale.

    •• Pour démarrer Malwarebyte's Anti-Malware, double-cliquez sur l'icône créée sur le bureau.

    Afin de supprimer un maximum d'infections, il convient de redémarrer votre ordinateur en mode sans échec, pour cela suivez les instructions de cette page : Redémarrer en mode sans échec

    Démarrer Malwarebyte's Anti-Malware, vous devez avoir une icône sur le bureau.

    Sinon cliquez sur le menu Démarrer / Programmes / Malwarebyte's Anti-Malware / Malwarebyte's Anti-Malware

    *• Sélectionnez Perform full scan puis cliquez sur le bouton Scan pour lancer le scan.

    * •Laissez vos disques dur cochés, vous pouvez décochez le lecteur de disquette et CD-Rom
    * •Cliquez sur le bouton Start Scan pour démarrer le scan.

    Le scan s'effectue... les éléments scannés défilent en haut.

    * •Objet scanned correspond au nombre d'éléments scannés.
    * •Objets infected correspond au nombre d'éléments malicieux détectés.

    Laissez l'opération s'effectuer, si vous désirez annuler, cliquez sur le bouton Abort Scan en bas à droite.

    * •Une fois le scan complété, vous recevez un message disant que celui-ci a réussi
    * •Cliquez sur le bouton Show Results en bas pour afficher les éléments détectés

    * •Les éléments détectés apparaissent sous forme de liste.
    * •Ces derniers sont tous cochés, pour les supprimer, cliquez sur le bouton Remove Selected en bas à gauche.

    * •Une barre de progression affiche l'avancement de la suppression

    * •Si des éléments infectieux très difficiles à supprimer sont détectés (ce n'est donc pas forcément le cas), un message vous signale que le système devra être redémarré après le processus de suppression des malwares.
    * •Cliquez sur le bouton Yes pour continuer.

    * ••Un rapport de scan s'ouvre, sauvegardez le afin de pouvoir le récupérer en mode normal.••*

    ________________

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  16. gypse90 Messages postés 13 Statut Membre
     
    Voila voila... tout s'est déroule sans problemes.
    MalwareBytes m'a détécté 16 objets infectés (virtumonde notamment) et j'ai lancé ComboFix dont voici le rapport...

    Merci encore pour tout.

    ComboFix 08-06-20.4 - Administrateur 2008-06-29 10:33:23.1 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1563 [GMT 2:00]
    Endroit: C:\Users\Administrateur\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\System32\ayGOYJjl.ini
    C:\Windows\System32\ayGOYJjl.ini2
    C:\Windows\system32\ecxbqees.ini
    C:\Windows\System32\itkdyofe.ini2
    C:\Windows\System32\itkdyofe.tmp
    C:\Windows\System32\jmUwGfhk.ini
    C:\Windows\System32\jmUwGfhk.ini2
    C:\Windows\system32\lmycbbpo.ini
    C:\Windows\system32\lsprst7.dll
    C:\Windows\system32\media
    C:\Windows\system32\media\AvidRender.wav
    C:\Windows\System32\rAGQAcfe.ini
    C:\Windows\System32\rAGQAcfe.ini2
    C:\Windows\system32\ssprs.dll
    C:\Windows\system32\vxtrrnmo.ini
    C:\Windows\system32\vynbtkcc.ini
    C:\Windows\system32\yfdetiam.ini
    C:\Windows\system32\ypfwblim.ini
    C:\Windows\system32\ytkwscqs.ini

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-29 09:58 . 2008-06-29 09:58 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-06-29 09:58 . 2008-06-29 09:58 <REP> d-------- C:\Users\Administrateur\AppData\Roaming\Malwarebytes
    2008-06-29 09:58 . 2008-06-29 09:58 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-06-29 09:58 . 2008-06-29 09:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-29 09:58 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-29 09:58 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-28 22:03 . 2008-06-28 22:03 <REP> d-------- C:\VundoFix Backups
    2008-06-28 22:01 . 2008-06-28 22:01 211 --a------ C:\Windows\wininit.ini
    2008-06-28 21:27 . 2008-06-28 21:53 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-28 21:27 . 2008-06-28 21:53 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-28 21:27 . 2008-06-28 21:27 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-28 18:02 . 2008-06-28 18:02 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-28 16:01 . 2008-06-28 16:01 <REP> d-------- C:\Program Files\Alwil Software
    2008-06-28 16:01 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-06-28 13:48 . 2008-06-28 13:48 103,424 --a------ C:\Windows\System32\smhvkidu.dll
    2008-06-28 13:48 . 2008-06-28 13:48 103,424 --a------ C:\Windows\System32\cfgsoh.dll
    2008-06-28 12:14 . 2008-06-28 12:15 90,624 --a------ C:\Windows\System32\uwdxgohi.dll
    2008-06-26 12:54 . 2008-06-26 12:54 106,496 --a------ C:\Windows\System32\symhmrmo.dll
    2008-06-26 10:20 . 2008-06-26 10:20 106,496 --a------ C:\Windows\System32\gxiioqvg.dll
    2008-06-25 17:58 . 2008-06-25 17:59 91,136 --a------ C:\Windows\System32\lhtpaowc.dll
    2008-06-25 14:37 . 2008-06-25 14:37 91,136 --a------ C:\Windows\System32\iwyixibi.dll
    2008-06-25 14:34 . 2008-06-25 14:34 91,136 --a------ C:\Windows\System32\fkkjswhr.dll
    2008-06-25 14:30 . 2008-06-25 14:30 <REP> d-------- C:\Users\All Users\Apple
    2008-06-25 14:30 . 2008-06-25 14:30 <REP> d-------- C:\ProgramData\Apple
    2008-06-25 14:30 . 2008-06-25 14:30 <REP> d-------- C:\Program Files\Apple Software Update
    2008-06-25 13:58 . 2008-06-25 13:58 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-06-25 13:45 . 2008-06-25 13:45 91,136 --a------ C:\Windows\System32\svebanuj.dll
    2008-06-25 12:20 . 2008-06-25 12:20 91,136 --a------ C:\Windows\System32\funbahxf.dll
    2008-06-25 11:28 . 2008-06-25 11:32 1,905 --a------ C:\Windows\diagwrn.xml
    2008-06-25 11:28 . 2008-06-25 11:32 1,905 --a------ C:\Windows\diagerr.xml
    2008-06-25 11:21 . 2008-06-25 11:21 99,840 --a------ C:\Windows\System32\bfbmgpku.dll
    2008-06-25 11:09 . 2008-06-25 11:09 91,136 --a------ C:\Windows\System32\tttdvdys.dll
    2008-06-24 22:17 . 2008-06-28 15:54 345 --ahs---- C:\Windows\System32\klVyyccf.ini
    2008-06-20 10:38 . 2008-06-20 10:38 <REP> d-------- C:\Users\Administrateur\AppData\Roaming\Atari
    2008-06-20 10:07 . 2008-06-20 10:07 <REP> d-------- C:\Program Files\CCleaner
    2008-06-20 10:06 . 2008-06-20 10:06 <REP> d-------- C:\Program Files\Common Files\PocketSoft
    2008-06-20 10:06 . 2002-02-27 18:50 197,120 --a------ C:\Windows\patchw32.dll
    2008-06-14 18:28 . 2008-06-15 10:20 <REP> d-a------ C:\Users\All Users\TEMP
    2008-06-14 18:28 . 2008-06-15 10:20 <REP> d-a------ C:\ProgramData\TEMP
    2008-06-14 18:28 . 2008-06-14 18:28 <REP> d-------- C:\Fraps
    2008-06-14 18:17 . 2008-06-14 18:18 <REP> d-------- C:\Beepa.Fraps.v2.8.2.6486.Retail-AnyFile
    2008-06-14 16:46 . 2008-06-15 10:19 <REP> d-------- C:\Users\Administrateur\FRAPS
    2008-06-14 16:07 . 2008-06-14 16:07 1,227,264 --a------ C:\Windows\System32\dx8vb.dll
    2008-05-29 11:29 . 2008-05-29 11:29 <REP> d-------- C:\Users\All Users\Avid
    2008-05-29 11:29 . 2008-05-29 11:29 <REP> d-------- C:\Users\Administrateur\AppData\Roaming\Avid
    2008-05-29 11:29 . 2008-05-29 11:29 <REP> d-------- C:\ProgramData\Avid
    2008-05-29 11:23 . 2008-05-29 11:23 <REP> d-------- C:\Program Files\Common Files\Digidesign
    2008-05-29 11:22 . 2007-06-15 22:11 1,658,973 --a------ C:\Windows\System32\libmmd.dll
    2008-05-29 11:22 . 2007-06-15 22:26 45,056 --a------ C:\Windows\System32\wnaspi32.dll
    2008-05-29 11:22 . 2007-06-15 22:26 25,244 --a------ C:\Windows\System32\drivers\aspi32.sys
    2008-05-29 11:22 . 2007-06-15 22:26 5,600 --a------ C:\Windows\system\winaspi.dll
    2008-05-29 11:22 . 2007-06-15 22:26 4,672 --a------ C:\Windows\system\wowpost.exe
    2008-05-29 11:21 . 2006-12-09 01:17 126,976 --a------ C:\Windows\System32\Digi32.dll
    2008-05-29 11:20 . 2008-05-29 11:20 <REP> d-------- C:\Users\Administrateur\AppData\Roaming\InstallShield
    2008-05-29 11:20 . 2008-05-29 11:20 <REP> d-------- C:\Program Files\Digidesign
    2008-05-29 11:19 . 2007-06-15 23:09 499,712 --a------ C:\Windows\System32\msvcp71.dll
    2008-05-29 11:19 . 2007-06-15 23:09 348,160 --a------ C:\Windows\System32\msvcr71.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-28 13:39 --------- d-----w C:\Users\Administrateur\AppData\Roaming\uTorrent
    2008-06-25 12:31 --------- d-----w C:\Program Files\QuickTime Alternative
    2008-06-25 12:30 --------- d-----w C:\ProgramData\Apple Computer
    2008-06-25 11:31 --------- d-----w C:\ProgramData\Microsoft Help
    2008-06-24 20:43 --------- d-----w C:\Program Files\Kaspersky Lab
    2008-06-24 16:19 --------- d-----w C:\Users\Administrateur\AppData\Roaming\FileZilla
    2008-06-24 15:05 --------- d-----w C:\Program Files\Unlocker
    2008-06-22 15:14 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-20 14:09 --------- d-----w C:\Program Files\Free Download Manager
    2008-06-20 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-20 08:00 --------- d-----w C:\Program Files\Atari
    2008-06-20 07:04 --------- d-----w C:\ProgramData\Messenger Plus!
    2008-06-16 13:12 --------- d-----w C:\Program Files\Rockstar Games
    2008-06-05 10:17 --------- d-----w C:\Program Files\JetAudio
    2008-06-03 08:23 --------- d-----w C:\Users\Administrateur\AppData\Roaming\SpeedSim
    2008-06-01 16:52 --------- d-----w C:\Users\Administrateur\AppData\Roaming\dvdcss
    2008-06-01 09:56 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-05-27 18:54 --------- d-----w C:\Program Files\FileZilla FTP Client
    2008-05-22 15:27 --------- d-----w C:\Program Files\LEGO Star Wars Game
    2008-05-22 15:06 --------- d-----w C:\Program Files\Lego Star Wars II
    2008-05-18 08:26 --------- d-----w C:\Program Files\Microsoft Games
    2008-05-17 22:14 --------- d-----w C:\ProgramData\Test Drive Unlimited
    2008-05-17 15:34 --------- d-----w C:\Users\Administrateur\AppData\Roaming\COWON
    2008-05-17 15:34 --------- d-----w C:\Program Files\Common Files\COWON
    2008-05-17 15:27 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Ahead
    2008-05-13 20:51 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-13 19:42 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Microsoft Games
    2008-05-13 18:40 --------- d-----w C:\Program Files\Common Files\Microsoft Games
    2008-05-10 21:57 --------- d-----w C:\ProgramData\Minnetonka Audio Software
    2008-05-10 16:56 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Media Player Classic
    2008-05-10 16:23 --------- d-----w C:\Users\Administrateur\AppData\Roaming\DivX
    2008-05-10 11:40 --------- d-----w C:\Program Files\DivX
    2008-05-10 11:40 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-05-10 09:50 --------- d-----w C:\ProgramData\FLEXnet
    2008-05-10 09:45 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-10 09:34 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-05-10 08:17 --------- d-----w C:\ProgramData\eMule
    2008-05-10 08:16 --------- d-----w C:\Users\Administrateur\AppData\Roaming\eMule
    2008-05-10 08:16 --------- d-----w C:\Program Files\SpeedSim
    2008-05-10 08:16 --------- d-----w C:\Program Files\eMule
    2008-05-09 22:06 --------- d-----w C:\Users\Administrateur\AppData\Roaming\vlc
    2008-05-09 22:06 --------- d-----w C:\Program Files\VideoLAN
    2008-05-09 21:57 --------- d-----w C:\Program Files\uTorrent
    2008-05-09 21:49 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
    2008-05-09 21:20 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-05-09 21:17 --------- d-----w C:\Program Files\Windows Live
    2008-05-09 21:07 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-09 20:52 --------- d-----w C:\ProgramData\WLInstaller
    2008-05-09 20:48 --------- d-----w C:\Program Files\TP-LINK
    2008-05-09 20:08 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Notepad++
    2008-05-09 16:12 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Talkback
    2008-05-09 16:05 --------- d--h--w C:\ProgramData\CanonBJ
    2008-05-09 15:50 --------- d-----w C:\Program Files\Shuttle
    2008-05-09 15:49 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-05-09 15:49 315,392 ----a-w C:\Windows\HideWin.exe
    2008-05-09 15:49 --------- d-----w C:\Program Files\Realtek
    2008-05-09 15:29 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Thunderbird
    2008-05-09 15:29 --------- d-----w C:\Program Files\Real Alternative
    2008-05-09 15:29 --------- d-----w C:\Program Files\ElcomSoft
    2008-05-09 15:29 --------- d-----w C:\Program Files\DAEMON Tools
    2008-05-09 15:29 --------- d-----w C:\Program Files\Combined Community Codec Pack
    2008-05-09 15:28 --------- d-----w C:\Users\Administrateur\AppData\Roaming\FlashFXP
    2008-05-09 15:28 --------- d-----w C:\Program Files\Xtremsplit
    2008-05-09 15:28 --------- d-----w C:\Program Files\QuickPar
    2008-05-09 15:28 --------- d-----w C:\Program Files\Notepad++
    2008-05-09 15:28 --------- d-----w C:\Program Files\MSECache
    2008-05-09 15:24 --------- d-----w C:\Program Files\Microsoft Works
    2008-05-09 15:23 --------- d-----w C:\Program Files\Microsoft.NET
    2008-05-09 15:19 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Nero
    2008-05-09 15:19 --------- d-----w C:\ProgramData\Nero
    2008-05-09 15:19 --------- d-----w C:\Program Files\Nero
    2008-05-09 15:19 --------- d-----w C:\Program Files\Common Files\Nero
    2008-05-09 15:08 --------- d-sh--w C:\ProgramData\Modèles
    2008-05-09 15:08 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2008-05-09 15:08 --------- d-sh--w C:\ProgramData\Favoris
    2008-05-09 15:08 --------- d-sh--w C:\ProgramData\Bureau
    2008-05-09 15:08 --------- d-sh--w C:\Program Files\Fichiers communs
    2008-05-09 15:06 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-05-09 15:05 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 15:38 4390912 C:\Windows\RtHDVCpl.exe]
    "HD Tune"="C:\Divers\LOGICI~1\HDTune.exe" [2007-09-03 00:37 401408]
    "XPC Tools"="C:\Program Files\Shuttle\XPC Tools\XPCTools.exe" [2007-05-04 13:44 5034046]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableInstallerDetection"= 0 (0x0)
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "MIDI1"= diomidi.dll
    "wave1"= Digi32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys [2006-12-08 22:50]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
    R3 XPCDriver;XPCDriver;C:\Windows\system32\drivers\XPCDriver.sys [2007-05-02 10:15]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-29 10:36:47
    Windows 6.0.6000 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\conime.exe
    C:\Divers\Logiciels\HDTune.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-29 10:39:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-29 08:39:31

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Post-Run: 141,588,205,568 octets libres

    258
    0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyses ces fichiers sur virus total et dis lesquels sont considérés comme infectés
    https://www.virustotal.com/gui/

    C:\Windows\System32\smhvkidu.dll
    C:\Windows\System32\cfgsoh.dll
    C:\Windows\System32\uwdxgohi.dll
    C:\Windows\System32\symhmrmo.dll
    C:\Windows\System32\gxiioqvg.dll
    C:\Windows\System32\lhtpaowc.dll
    C:\Windows\System32\iwyixibi.dll
    C:\Windows\System32\fkkjswhr.dll
    C:\Windows\System32\svebanuj.dll
    C:\Windows\System32\funbahxf.dll
    C:\Windows\System32\bfbmgpku.dll
    C:\Windows\System32\tttdvdys.dll
    C:\Windows\System32\klVyyccf.ini
    0